zk-Pinocchio (#19)

* update * update * update * update * update * update * update * update * udpdate * update * update * update * Update * update * update * update * update * update * update * update * reduce clones * update * update * update * update * update * update * update * update * update * Update * update * update
Koukyosyumei · Dec 29, 2024 · 207afb8 · 207afb8
1 parent 9a58ca6
commit 207afb8
Show file tree

Hide file tree

Showing 21 changed files with 714 additions and 71 deletions.
diff --git a/README.md b/README.md
@@ -68,6 +68,7 @@ MyZKP is a growing library that provides:
 |             | `qap` | Quadratic Arithmetic Program | [qap.rs](./myzkp/src/modules/arithmetization/qap.rs) |
 | **zkSNARKs**| `tutorial_single_polynomial` | | [tutorial_single_polynomial](./myzkp/src/modules/zksnark/tutorial_single_polynomial/)                                   |
 |             | `tutorial_snark` | | [tutorial_snark](./myzkp/src/modules/zksnark/tutorial_snark/) |
+|             | `pinocchio` | [Pinocchio Protocol](https://dl.acm.org/doi/abs/10.1145/2856449) | [pinocchio.rs](./myzkp/src/modules/zksnark/pinocchio.rs) |
 
 ## 🤝 Contributions are Welcome!
 

diff --git a/book/src/README.md b/book/src/README.md
@@ -63,6 +63,7 @@ MyZKP is a growing library that provides:
 |             | `qap` | Quadratic Arithmetic Program | [qap.rs](https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/arithmetization/qap.rs) |
 | **zkSNARKs**| `tutorial_single_polynomial` | | [tutorial_single_polynomial](https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/zksnark/tutorial_single_polynomial/)                                   |
 |             | `tutorial_snark` | | [tutorial_snark](https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/zksnark/tutorial_snark/) |
+|             | `pinocchio` | [Pinocchio Protocol](https://dl.acm.org/doi/abs/10.1145/2856449) | [pinocchio.rs](https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/zksnark/pinocchio.rs) |
 
 ## 🤝 Contributions are Welcome!
 

diff --git a/docs/index.html b/docs/index.html
@@ -236,6 +236,7 @@ <h2 id="-code-reference"><a class="header" href="#-code-reference">🛠️ Code
 <tr><td></td><td><code>qap</code></td><td>Quadratic Arithmetic Program</td><td><a href="https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/arithmetization/qap.rs">qap.rs</a></td></tr>
 <tr><td><strong>zkSNARKs</strong></td><td><code>tutorial_single_polynomial</code></td><td></td><td><a href="https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/zksnark/tutorial_single_polynomial/">tutorial_single_polynomial</a></td></tr>
 <tr><td></td><td><code>tutorial_snark</code></td><td></td><td><a href="https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/zksnark/tutorial_snark/">tutorial_snark</a></td></tr>
+<tr><td></td><td><code>pinocchio</code></td><td><a href="https://dl.acm.org/doi/abs/10.1145/2856449">Pinocchio Protocol</a></td><td><a href="https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/zksnark/pinocchio.rs">pinocchio.rs</a></td></tr>
 </tbody></table>
 </div>
 <h2 id="-contributions-are-welcome"><a class="header" href="#-contributions-are-welcome">🤝 Contributions are Welcome!</a></h2>

diff --git a/docs/print.html b/docs/print.html
@@ -237,6 +237,7 @@ <h2 id="-code-reference"><a class="header" href="#-code-reference">🛠️ Code
 <tr><td></td><td><code>qap</code></td><td>Quadratic Arithmetic Program</td><td><a href="https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/arithmetization/qap.rs">qap.rs</a></td></tr>
 <tr><td><strong>zkSNARKs</strong></td><td><code>tutorial_single_polynomial</code></td><td></td><td><a href="https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/zksnark/tutorial_single_polynomial/">tutorial_single_polynomial</a></td></tr>
 <tr><td></td><td><code>tutorial_snark</code></td><td></td><td><a href="https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/zksnark/tutorial_snark/">tutorial_snark</a></td></tr>
+<tr><td></td><td><code>pinocchio</code></td><td><a href="https://dl.acm.org/doi/abs/10.1145/2856449">Pinocchio Protocol</a></td><td><a href="https://github.com/Koukyosyumei/MyZKP/myzkp/src/modules/zksnark/pinocchio.rs">pinocchio.rs</a></td></tr>
 </tbody></table>
 </div>
 <h2 id="-contributions-are-welcome"><a class="header" href="#-contributions-are-welcome">🤝 Contributions are Welcome!</a></h2>

diff --git a/docs/searchindex.js b/docs/searchindex.js
diff --git a/docs/searchindex.json b/docs/searchindex.json
diff --git a/myzkp/Cargo.toml b/myzkp/Cargo.toml
@@ -12,3 +12,6 @@ paste = "1.0.15"
 
 [profile.test]
 opt-level = 3
+
+[profile.release] 
+debug = false
diff --git a/myzkp/src/modules/algebra/curve/bn128.rs b/myzkp/src/modules/algebra/curve/bn128.rs
@@ -170,9 +170,9 @@ pub fn optimal_ate_pairing(p_g1: &G1Point, q_g2: &G2Point) -> Fq12 {
             -q1.y.clone().unwrap().pow(m.clone()),
         );
 
-        f = f.mul_ref(&get_lambda(&r, &q1, &p));
-        r = r.add_ref(&q1);
-        f = f.mul_ref(&get_lambda(&r, &nq2, &p));
+        f *= get_lambda(&r, &q1, &p);
+        r += q1;
+        f *= get_lambda(&r, &nq2, &p);
     }
 
     let exp = (m.pow(12) - BigInt::one()) / (BN128::order());

diff --git a/myzkp/src/modules/algebra/curve/curve.rs b/myzkp/src/modules/algebra/curve/curve.rs
@@ -1,12 +1,12 @@
 use std::fmt;
 use std::fmt::Debug;
 use std::marker::PhantomData;
-use std::ops::{Add, Mul, Neg, Sub};
+use std::ops::{Add, AddAssign, Mul, Neg, Sub};
 
 use num_bigint::BigInt;
-use num_traits::{One, Zero};
+use num_traits::{One, Signed, Zero};
 
-use crate::modules::algebra::field::Field;
+use crate::modules::algebra::field::{Field, FiniteFieldElement, ModulusValue};
 
 pub trait EllipticCurve: Debug + Clone + PartialEq {
     fn get_a() -> BigInt;
@@ -83,6 +83,22 @@ impl<F: Field, E: EllipticCurve> EllipticCurvePoint<F, E> {
         Self::new(new_x, new_y)
     }
 
+    pub fn inplace_double(&mut self) {
+        if self.is_point_at_infinity() {
+            return;
+        }
+
+        let slope = self.line_slope(&self);
+        let x = self.x.as_ref().unwrap();
+        let y = self.y.as_ref().unwrap();
+
+        let new_x = slope.mul_ref(&slope).sub_ref(&x).sub_ref(&x);
+        let new_y = -slope.mul_ref(&new_x) + slope * x - y;
+
+        self.x = Some(new_x);
+        self.y = Some(new_y);
+    }
+
     pub fn add_ref(&self, other: &Self) -> Self {
         if self.is_point_at_infinity() {
             return other.clone();
@@ -101,31 +117,72 @@ impl<F: Field, E: EllipticCurve> EllipticCurvePoint<F, E> {
         let x1 = self.x.as_ref().unwrap();
         let y1 = self.y.as_ref().unwrap();
         let x2 = other.x.as_ref().unwrap();
-        let y2 = other.y.as_ref().unwrap();
+        //let y2 = other.y.as_ref().unwrap();
 
         let new_x = slope.mul_ref(&slope).sub_ref(&x1).sub_ref(&x2);
         let new_y = ((-slope.clone()).mul_ref(&new_x)) + (&slope.mul_ref(&x1).sub_ref(&y1));
-        assert!(new_y == -slope.clone() * &new_x + slope.mul_ref(&x2).sub_ref(&y2));
+        //assert!(new_y == -slope.clone() * &new_x + slope.mul_ref(&x2).sub_ref(&y2));
 
         Self::new(new_x, new_y)
     }
 
+    pub fn add_assign_ref(&mut self, other: &Self) {
+        if self.is_point_at_infinity() {
+            *self = other.clone();
+            return;
+        }
+        if other.is_point_at_infinity() {
+            return;
+        }
+
+        if self.x == other.x && self.y == other.y {
+            *self = self.double();
+            return;
+        } else if self.x == other.x {
+            *self = Self::point_at_infinity();
+            return;
+        }
+
+        let slope = self.line_slope(other);
+        let x1 = self.x.as_mut().unwrap();
+        let y1 = self.y.as_mut().unwrap();
+        let x2 = other.x.as_ref().unwrap();
+        //let y2 = other.y.as_ref().unwrap();
+
+        let new_x = slope.mul_ref(&slope).sub_ref(x1).sub_ref(x2);
+        let new_y = (-slope.clone())
+            .mul_ref(&new_x)
+            .add_ref(&slope.mul_ref(x1).sub_ref(y1));
+        //assert!(new_y == -slope.clone() * &new_x + slope.mul_ref(&x2).sub_ref(&y2));
+
+        self.x = Some(new_x);
+        self.y = Some(new_y);
+    }
+
     pub fn mul_ref<V: Into<BigInt>>(&self, scalar_val: V) -> Self {
         let scalar: BigInt = scalar_val.into();
+        self.mul_ref_bigint(&scalar)
+    }
+
+    pub fn mul_ref_bigint(&self, scalar: &BigInt) -> Self {
         if scalar.is_zero() {
             // Return the point at infinity for scalar * 0
             return EllipticCurvePoint::point_at_infinity();
         }
 
+        if scalar.is_negative() {
+            panic!("multiplier should be non-negative");
+        }
+
         let mut result = EllipticCurvePoint::point_at_infinity();
         let mut current = self.clone(); // Start with the current point
         let mut scalar_bits = scalar.clone();
 
         while !scalar_bits.is_zero() {
             if scalar_bits.bit(0) {
-                result = result.add_ref(&current);
+                result.add_assign_ref(&current);
             }
-            current = current.add_ref(&current); // Double the point
+            current.inplace_double();
             scalar_bits >>= 1; // Move to the next bit
         }
 
@@ -141,6 +198,12 @@ impl<F: Field, E: EllipticCurve> Add for EllipticCurvePoint<F, E> {
     }
 }
 
+impl<F: Field, E: EllipticCurve> AddAssign for EllipticCurvePoint<F, E> {
+    fn add_assign(&mut self, other: Self) {
+        self.add_assign_ref(&other)
+    }
+}
+
 impl<F: Field, E: EllipticCurve> Add for &EllipticCurvePoint<F, E> {
     type Output = EllipticCurvePoint<F, E>;
 
@@ -183,6 +246,26 @@ impl<F: Field, E: EllipticCurve, V: Into<BigInt>> Mul<V> for &EllipticCurvePoint
     }
 }
 
+impl<F: Field, E: EllipticCurve, M: ModulusValue> Mul<FiniteFieldElement<M>>
+    for &EllipticCurvePoint<F, E>
+{
+    type Output = EllipticCurvePoint<F, E>;
+
+    fn mul(self, field_val: FiniteFieldElement<M>) -> EllipticCurvePoint<F, E> {
+        self.mul_ref_bigint(&field_val.value)
+    }
+}
+
+impl<'a, F: Field, E: EllipticCurve, M: ModulusValue> Mul<&'a FiniteFieldElement<M>>
+    for &EllipticCurvePoint<F, E>
+{
+    type Output = EllipticCurvePoint<F, E>;
+
+    fn mul(self, field_val: &'a FiniteFieldElement<M>) -> EllipticCurvePoint<F, E> {
+        self.mul_ref_bigint(&field_val.value)
+    }
+}
+
 impl<F: Field, E: EllipticCurve> fmt::Display for EllipticCurvePoint<F, E> {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         if self.is_point_at_infinity() {

diff --git a/myzkp/src/modules/algebra/efield.rs b/myzkp/src/modules/algebra/efield.rs
@@ -71,7 +71,7 @@ use std::fmt::Debug;
 use std::hash::Hash;
 use std::hash::Hasher;
 use std::marker::PhantomData;
-use std::ops::{Add, Div, Mul, Neg, Sub};
+use std::ops::{Add, AddAssign, Div, Mul, MulAssign, Neg, Sub, SubAssign};
 
 use num_bigint::BigInt;
 use num_traits::One;
@@ -222,6 +222,14 @@ impl<M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>> Add
     }
 }
 
+impl<M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>> AddAssign
+    for ExtendedFieldElement<M, P>
+{
+    fn add_assign(&mut self, other: Self) {
+        self.add_assign_ref(&other)
+    }
+}
+
 impl<'a, M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>>
     Add<&'a ExtendedFieldElement<M, P>> for ExtendedFieldElement<M, P>
 {
@@ -242,6 +250,14 @@ impl<M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>> Sub
     }
 }
 
+impl<M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>> SubAssign
+    for ExtendedFieldElement<M, P>
+{
+    fn sub_assign(&mut self, other: Self) {
+        self.sub_assign_ref(&other)
+    }
+}
+
 impl<'a, M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>>
     Sub<&'a ExtendedFieldElement<M, P>> for ExtendedFieldElement<M, P>
 {
@@ -262,6 +278,14 @@ impl<M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>> Mul
     }
 }
 
+impl<M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>> MulAssign
+    for ExtendedFieldElement<M, P>
+{
+    fn mul_assign(&mut self, other: Self) {
+        self.mul_assign_ref(&other)
+    }
+}
+
 impl<'a, M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>>
     Mul<&'a ExtendedFieldElement<M, P>> for ExtendedFieldElement<M, P>
 {
@@ -299,14 +323,29 @@ impl<M: ModulusValue + 'static, P: IrreduciblePoly<FiniteFieldElement<M>>> Ring
         Self::new(&self.poly + &other.poly)
     }
 
+    fn add_assign_ref(&mut self, other: &Self) {
+        self.poly += &other.poly;
+        self.sanitize();
+    }
+
     fn mul_ref(&self, other: &Self) -> Self {
         Self::new(&self.poly * &other.poly)
     }
 
+    fn mul_assign_ref(&mut self, other: &Self) {
+        self.poly *= &other.poly;
+        self.sanitize();
+    }
+
     fn sub_ref(&self, other: &Self) -> Self {
         Self::new(&self.poly - &other.poly)
     }
 
+    fn sub_assign_ref(&mut self, other: &Self) {
+        self.poly -= &other.poly;
+        self.sanitize();
+    }
+
     fn pow<V: Into<BigInt>>(&self, n: V) -> Self {
         let mut base = self.clone();
         let mut exponent: BigInt = n.into();

diff --git a/myzkp/src/modules/algebra/field.rs b/myzkp/src/modules/algebra/field.rs
@@ -49,7 +49,7 @@ use std::fmt::Debug;
 use std::hash::Hash;
 use std::hash::Hasher;
 use std::marker::PhantomData;
-use std::ops::{Add, Div, Mul, Neg, Sub};
+use std::ops::{Add, AddAssign, Div, Mul, MulAssign, Neg, Sub, SubAssign};
 use std::str::FromStr;
 
 use lazy_static::lazy_static;
@@ -154,14 +154,29 @@ impl<M: ModulusValue> Ring for FiniteFieldElement<M> {
         FiniteFieldElement::<M>::new(&self.value + &other.value)
     }
 
+    fn add_assign_ref(&mut self, other: &Self) {
+        self.value += &other.value;
+        self.value %= M::modulus();
+    }
+
     fn mul_ref(&self, other: &Self) -> Self {
         FiniteFieldElement::<M>::new(&self.value * &other.value)
     }
 
+    fn mul_assign_ref(&mut self, other: &Self) {
+        self.value *= &other.value;
+        self.value %= M::modulus();
+    }
+
     fn sub_ref(&self, other: &Self) -> Self {
         FiniteFieldElement::<M>::new(&self.value - &other.value)
     }
 
+    fn sub_assign_ref(&mut self, other: &Self) {
+        self.value -= &other.value;
+        self.value %= M::modulus();
+    }
+
     fn pow<V: Into<BigInt>>(&self, n: V) -> Self {
         FiniteFieldElement::<M>::new(mod_pow(&self.value, &n.into(), &M::modulus()))
     }
@@ -276,6 +291,12 @@ impl<M: ModulusValue> Add for FiniteFieldElement<M> {
     }
 }
 
+impl<M: ModulusValue> AddAssign for FiniteFieldElement<M> {
+    fn add_assign(&mut self, other: Self) {
+        self.add_assign_ref(&other)
+    }
+}
+
 impl<'a, M: ModulusValue> Add<&'a FiniteFieldElement<M>> for FiniteFieldElement<M> {
     type Output = FiniteFieldElement<M>;
 
@@ -292,6 +313,12 @@ impl<M: ModulusValue> Sub for FiniteFieldElement<M> {
     }
 }
 
+impl<M: ModulusValue> SubAssign for FiniteFieldElement<M> {
+    fn sub_assign(&mut self, other: Self) {
+        self.sub_assign_ref(&other)
+    }
+}
+
 impl<'a, M: ModulusValue> Sub<&'a FiniteFieldElement<M>> for FiniteFieldElement<M> {
     type Output = Self;
 
@@ -308,6 +335,12 @@ impl<M: ModulusValue> Mul<FiniteFieldElement<M>> for FiniteFieldElement<M> {
     }
 }
 
+impl<M: ModulusValue> MulAssign for FiniteFieldElement<M> {
+    fn mul_assign(&mut self, other: Self) {
+        self.mul_assign_ref(&other)
+    }
+}
+
 impl<'a, M: ModulusValue> Mul<&'a FiniteFieldElement<M>> for FiniteFieldElement<M> {
     type Output = FiniteFieldElement<M>;
 
@@ -316,6 +349,14 @@ impl<'a, M: ModulusValue> Mul<&'a FiniteFieldElement<M>> for FiniteFieldElement<
     }
 }
 
+impl<'a, M: ModulusValue> Mul<&'a FiniteFieldElement<M>> for &'a FiniteFieldElement<M> {
+    type Output = FiniteFieldElement<M>;
+
+    fn mul(self, other: &'a FiniteFieldElement<M>) -> FiniteFieldElement<M> {
+        self.mul_ref(other)
+    }
+}
+
 impl<M: ModulusValue> Neg for FiniteFieldElement<M> {
     type Output = Self;